Sunday, May 31, 2015

Everything You Need to Create a Healthcare Data Breach Notification Plan

Healthcare data breaches have moved front and center in the news lately. In fact, 2015 has been called "The Year of the Hack." As many people admit, it’s not a matter of if your organization will be breached, it’s just when the breach will occur. One important thing all organizations should prepare for is what, how and to whom they should communicate when the breach occurs. Having a Security Incident Response Plan assembled prior to a breach will go a long way toward ameliorating the negative impacts a breach will have for your organization.

This post provides a list of great resources that can be used to create a Security Incident and External Breach Notification Plan. The materials were developed by government agencies like NIST and DOJ, private companies like Experian and Microsoft, associations like the American Bar Association, and leading security consultants.

What Goes into a Good Plan?

Gives a good overview of how to “Establish and implement a written data breach response policy”

Really good info!

More info on what should be included in a good plan.

Good RACI chart for assigning responsibilities – Other useful info too

Good questions to answer before and after a breach: See pages 10, 16, 21, 26. Also, this fellow Lenny Zeltser appears to be a very knowledgeable consultant. I don't know him personally but he might be a good consulting resource.

What Kind of Questions Should You Ask or Will You be Asked?

Questions that need to be addressed. Sample questions others may ask for which you’ll need to be prepared.

Appendix A contains incident response scenarios and questions for use in incident response tabletop discussions

Appendix E identifies resources that may be useful in planning and performing incident response.

Appendix F covers frequently asked questions about incident response.

Ok. It Happened!

Overview from Experian including info on HIPAA.

Some good info from Microsoft

And a word from the lawyers... :)

Don't Forget Those Pesky State Regulations

For instance:

States In Which Definition for “Personal Information” is Broader Than the General Definition

States That Require Notification Within a Specific Time Frame

Best Practices, Cheat Sheets & Templates – Oh my!

Recent Guidance from DOJ

In Word & Excel formats

Good steps – see pages 10-14

That's All Folks!

So there you have it. The above is pretty much all you'll need to assemble a good security incident response plan. There’s no need to develop a plan all on your own. As someone once said: “Good artists borrow, great artists steal.”

For other information on healthcare and information technology, consider following me on Twitter.

Wednesday, May 27, 2015

AHIP Institute Exhibitors on My Must Meet List

A number of vendors will be exhibiting at the AHIP Institute in Nashville, TN on June 3rd through the 5th.  I count around 220+ on AHIP’s web site. 

Based on my areas of interest – consumerism, transparency, health literacy, risk adjustment and enrollment – I have the following vendors on my radar for the AHIP Institute event.


See you at the AHIP Institute

As one of four Social Media Ambassadors for this year's AHIP Institute, I'd like to solicit information and ideas from all attendees and exhibitors. If you have anything you'd like to share related to the AHIP Institute: your goals for attending, what you are looking forward to, information on your product or services, things to do in Nashville, etc - please reach out to me and perhaps I can help share your perspective, ideas and information with others?

Also, consider following me on Twitter where I will be sharing more information on the AHIP Institute and health care information technology.

Monday, May 25, 2015

Looking Forward to These Sponsored Sessions at AHIP Institute

The AHIP Institute in Nashville, TN on June 3rd through the 5th offers some interesting Sponsored Concurrent Breakfast Sessions. The following sessions look interesting to me – and not just because I think there may be breakfast food served!

Breakfast Sessions 

Thursday, June 4 -- 7:30 - 8:15 am

The Health Insurer of the Future: How Health Plans will Transform in the Next Five Years

A discussion on what the health plan of the future looks like, forecasting the challenges and opportunities that health plans will face. Explores the DNA of the health plan of the future, including core capabilities, consumer engagement initiatives, adoption of new business models and technology investments.

Ray Desrochers, Executive Vice President, HealthEdge

Friday, June 5 -- 7:30 - 8:15 am

Survival of the Fittest: Thriving in a Regulated Post-Reform Era

Insights and strategies to understand the key critical performance measures that will determine strategic planning for health plans.
Matt Nichols, Vice President of Data Innovation, Optum

Other Sponsored Concurrent Sessions

Thursday, June 4 -- 1:00 pm – 1:45 pm

Emerging Issue for 2016: The Impact of the Quality Rating System on Qualified Health Plans

Insight into the reporting requirements for the 2016 Quality Rating System (QRS) implementation and the impact it will have on current QHPs. Covers the mid-cycle considerations and lessons learned from the QRS beta test to date.
Reid Kiser, General Manager, HEDIS Advantage, Inovalon
Michelle Johnson, Director, Government Relations & Policy, URAC

...Or the following session at the same 1:00pm time.

It Takes a Platform: How to Optimize Health & Incentives

Learn about the critical components of an enterprise-level consumer platform and how they can help their members achieve the highest health status at the lowest cost.

Jeffrey H. Margolis, Chairman and CEO, Welltok, Inc

Thursday, June 4 -- 2:00 pm – 2:45 pm

Fueled by Healthcare IT Start-Up Funding, Digital Disruption is Knocking

Examines traditional healthcare organizations and industry stakeholders that are taking interest in this shifting marketplace and trying to assess whether this funding momentum will continue, to what extent and to what market segments.

Alan Nalle, Senior Manager, Accenture Health Strategy

Thursday, June 4 -- 3:35 pm – 4:20 pm

Know The Score: Better Engagement For Better Health

Gain insight on how software and member engagement scores drive a proactive member experience – leading to improved member outcomes and lower costs.

Joel Radford, SVP, Software Solutions, Silverlink Communications
Stan Nowak, CEO & Co-Founder, Silverlink Communications
David Veroff, SVP, Analytics, Silverlink Communications

Friday, June 5 -- 9:55 am – 10:40 am

Beyond Private Exchanges: What Companies and Individuals Really Want from their Benefits Programs

Gain a better understanding of how health plans fit into the private exchange landscape from consumer considerations like brand, decision support, and multiple benefit options, to administrative needs like data integration and integrity, member maintenance and billing consolidation.

Shandon Fowler, Director of Product Strategy, Benefitfocus


Friday, May 22, 2015

AHIP Institute Sessions I'm Looking Forward To

The AHIP Institute in Nashville, TN on June 3rd through the 5th is particularly exciting for me to attend for three reasons:

1. It’s focused around the needs, issues and challenges of health plans and payers – an industry I’ve worked in for over 20 years.

2. I’m one of four people selected by AHIP to be a social media ambassador for the event.

3. It’s in Nashville, TN – a place where I lived for 10 years, where my youngest son was born and where all four of my kids attended grade school.

Healthcare Literacy, Transparency & Communications!

Since I strongly believe that improving health care literacy, increasing transparency of health care quality and cost information, and sharing information via an omni-channel approach holds the key to improving the U.S. healthcare system, I'm especially looking forward to the following concurrent sessions.

Note: I’ve included the Twitter account for any session presenter that had one.

Beyond the Contract: Enhancing Provider Engagement in New Care Models - June 4 - 2:00p – 2:45p

How retail health care and telemedicine are altering traditional behaviors and relationships between providers, health plans and consumers.

Amy Fahrenkopf, MD, VP, Highmark, Inc.

Transparency: Tools, Information and Innovation - June 5 - 10:50a – 11:35a

Learn about tools and new initiatives to engage consumers in their health care.

Raj Davda, MD, Medical Director, CIGNA 

Social Commerce: Integrating Your Marketing, Sales and Digital Approaches - June 4 - 3:35p – 4:20p

Learn ways to leverage social tools to deliver growth to your company. How social information fits into data and segmentation models.

Lindsay R. Resnick, CMO, KBM Group: Health Services

Katzman Stephanie, Senior Account Executive, LinkedIn
David Murray, Manager, Social Media, BCBS of Michigan
Joanna Belbey, Social Media & Compliance Specialist, Actiance

Health Literacy: A Key to Unlocking Change - June 5 - 9:55a – 10:40a

Learn how others are bridging the health literacy knowledge gap to help consumers help themselves reach the goal of improved health. How can mass media tools help to propagate discovery and improve comprehension?

No speaker listed on AHIP site

Innovation & Inspiration in Health Care - June 4 - 1:00p - 1:45p

How health plans are rethinking the ways in which they do business. How health plans are expanding their portfolios and diversifying their business – and lessons learned.

Darren Olson, Director, UPMC Health Plan 
Rob Coppedge, Senior VP, Cambia Health Solutions


Thursday, May 21, 2015

ICD-10 Jeopardy - Now and Then

Nuance Communications' post of today titled “It’s time to play ICD-10 Jeopardy!” reminded me of a series of Jeopardy-themed Tweets I made around Christmas 2012; not in season but timely relative to Nuance's post.

Holiday Accidents 

(Holiday Accidents for $100): Often associated w/ older, over-confident & intoxicated males hanging decorations.

(Holiday Accidents for $100): What is “W132XXA” - Fall from, out of or through roof, initial encounter.

(Holiday Accidents for $200): Avoid this potentially paralyzing condition by saying no to improperly prepared foods

(Holiday Accidents for $200): What is “A051” - Botulism food poisoning?

Xmas Movies

(Xmas Movies for $300): In Christmas Vacation, this happened to the Griswold’s cat during their holiday dinner.

(Xmas Movies for $300): What is “T754XXA”- Electrocution, initial encounter?

(Xmas Movies for $400): In How the Grinch Stole Christmas, the Grinch was ‘saved’ by this often fatal condition.

(Xmas Movies for $400): What is “I51.7” Cardiomegaly - hypertrophy or enlargement of the heart?

Holiday Shows

(Holiday Shows for $100) In “A Christmas Story,” Ralphie’s Mom always warned him about this code.

(Holiday Shows for $100): What is “W34118A” - Accidental malfunction of spring-operated gun, initial encounter?

(Holiday Shows for $200) In “It’s a Wonderful Life,” Young George saves his brother Harry from this watery fate.

(Holiday Shows for $200) What is “W1641XA” - Fall into unspecified water causing drowning & submersion, initial encounter?

70’s Rock Hits

(70’s Rock Hits for $100): Foreigner sings about this vision condition in their #3 hit in 1978.

(70’s Rock Hits for $100): What is “H53.2” - Diplopia or Double Vision?

(70’s Rock Hits for $200): Foreigner sings about this anemic condition in their #2 hit in 1978.

ICD-10 Jeopardy (70’s Rock Hits for $200): What is “D58.9” - Hereditary hemolytic anemia, unspecified (Hot Blooded)

For more on ICD-10 and healthcare information technology, consider following me on Twitter at @ShimCode and @HITConfGuy

Friday, May 8, 2015

How Can I Know Who Will Eventually Unfollow Me?

Earlier tonight I tweeted “I think I can predict w/ about 70-80% accuracy which “non-spam/commercial” Twitter account will un-follow me based on their bio & tweets.” 

I wanted to wrap up the day but Charles Webster – aka @wareflo – kept me going by tweeting “@ShimCode what do the people who unfollow you have in common?”  

Here’s a quick, more than 140 character, reply to Chuck’s question as to how I think I can determine, in advance, who will likely unfollow me. It’s actually pretty easy. Here’s how I can tell which followers are extremely likely to unfollow me. The more of the following attributes involved, the higher the likelihood that the account will unfollow.

Note: These criteria are loosely ordered by the importance/impact of each reason according to how I interpret the reason. But, of course, in certain scenarios there are exceptions and combinations that alter their order. And these reasons are unique to me; although variations can be made for all Twitter users.

1. They’re playing the “Follow-Unfollow” game to gain followers.

Anyone around Twitter for any length of time should know of this trick. It's non-organic and I don’t use it.
I’ve had some people follow & unfollow me 6-7 times. Eventually they unfollow for good when the service they are likely paying for figures out I’m not going to follow them.

2. Incompatible Tweeps

There are people who don’t tweet very often, they don’t share my area of interest, and/or they have private accounts.
Why would I follow these people?

3. Impulse Followers/Accidental Followers

Every now and then I share something that really strikes a chord and I see a spike in followers. Then the person who followed me realizes my content is not for them. Then they drop off.
No comment – they get a pass. When I find someone I'm not sure of, I place them on a watch list.

4. Triple X and MLM Accounts

I block the really overt ones. The rest usually go away on their own. Or are killed off by Twitter.

5. People Who Hate Health Plans, Insurance Companies and Payers

Some people just hate insurance companies. Once they learn I’ve worked on the health plan side, they bolt.
I’ve worked on what some people ignorantly consider the “Evil-Side” for 25 years. Deal with it!

6. People Who Don’t Agree with my Tweets

What can I say?

Occasionally – but way less than years past – I express my fiscally conservative politics. Some “liberals” just can’t tolerate a different opinion. Go figure.
But be advised, my four 20-something offspring who dragged me a bit to the left these past 10-15 years have started to pay taxes. And I've been getting a reprieve.

7. Anti-2nd Amendment – Anti-Gun People

I'm a strong supporter of free speech and gun rights. Once some people learn this they’re gone.
But they can rest assured I'll not stop defending their right to speak and everyone's right to protect themselves.

8. My Call a Spade a Spade Attitude

I’m not going to be untrue to myself and be a high-fiving, backslapping, go along to get along lemming. So many people on Twitter are so Polly-Annish they make me sick.
Sorry, I’m just not gonna be a backslapper.

9. People that work for organizations that are against most or all of the topics mentioned above are likely to not want to hear/read what I tweet.

See #2, 5, 6, 7, 8, and 9 above.

10. I didn't follow them back right away - or ever.

In general, within the parameters outlined above, I follow people who follow me. I know this is controversial but I make extensive use of lists and filters so following thousands is not an imposition.
Too bad. I've been getting about 100-150 new followers a week and can't always stay on top of reviewing new followers.

So there you have it. I suppose I could develop an app to predict who will unfollow based on scoring followers using the above. But what value would it provide and who would buy it?

BTW Chuck, I unfollowed you once; probably for items #5, 6, 7 & 9?

90+ Useful Websites, Tools & Apps

Here's a list of interesting and useful websites, apps and tools that's been floating around the web for years. This list has been scrubbed to make sure the sites are still active. And I've categorized them.  Enjoy!

The Most Useful Websites and Web Apps
Communication-Audio – broadcast live audio over the web.
Communication-Chat – chat with your buddies on Skype, Facebook, Google Talk, etc. from one place.
Communication-Editing – the easiest way to write short text notes in the browser.
Communication-Editing – create text notes that will self-destruct after being read.
Communication-Editing – work on the same document with multiple people.
Communication-Email – quickly setup email reminders for important events.
Communication-Email – send rich-text mails to anyone, anonymously.
Communication-Email – the easiest way to setup email reminders.
Communication-Email – share your email address online without worrying about spam.
Communication-Misc – send an online fax for free – see more fax services.
Communication-Misc – Send tweets longer than 140 characters.
Communication-Misc – quickly summarize long pieces of text with tag clouds.
Communication-Sharing – share your screen with anyone over the web.
Communication-Sharing  – broadcast events live over the web, including your desktop screen.
Communication-Tools – create flowcharts, network diagrams, sitemaps, etc.
Communication-Tools – check your writing for spelling or grammatical errors.
Communication-Video – send video emails to anyone using your web cam.
Communication-Video – setup a private video chat room in micro-seconds.
Communication-Web Pages – easily highlight the important parts of a web page for sharing.
Conversion – copy special characters that aren’t on your keyboard.
Conversion – online voice recognition in the browser itself.
Conversion – shorten long URLs and convert URLs into QR codes.
Conversion – quickly determine the font name from an image.
Conversion – recognize text from scanned PDFs – see other OCR tools.
Conversion – lets you quickly edit PDFs in the browser itself.
Conversion – print web pages without the clutter.
Conversion – find data hidden in your photographs – see more EXIF tools.
Conversion – find the original URL that’s hiding behind a short URL.
Editing  – quickly capture effective notes during meetings.
Editing – Store text and graphics and call them up on demand
Editing – add QR codes to your documents and presentations (review).
Editing – a beautiful to-do app that looks like your paper diary.
Education – the best place to learn coding online.
Education – software tutorials and how-to guides.
Education  – master touch-typing with these practice sessions.
Entertainment – find full-length movies on YouTube.
Entertainment – print music sheets, write your own music online (review).
File Management – quickly send a file to someone, they can even preview it before downloading.
File Management – scan any suspicious file or email attachment for viruses.
File Management – easily manage your online files on Dropbox, Google Docs, etc.
File Management – transfer files of any size without uploading to a third-party server.
File Management – for sharing really big files online.
Financial – helps you raise funds online for an event or a cause (closed).
Graphics – get color ideas, also extract colors from photographs.
Graphics – automatically find perfectly-sized wallpapers for mobiles.
Graphics – replace this with a version that works on mobile.
Graphics  – a good collection of open source fonts.
Graphics – find icons of all sizes.
Graphics – download templates, clipart and images for your Office documents.
Graphics   – download images absolutely free.
Graphics-Tools – create mind-maps, brainstorm ideas in the browser.
Graphics-Tools – for capturing screenshots of web pages on mobile and desktops.
Graphics-Tools – create diagrams and flowcharts in the browser, export your drawings to Google Drive and Dropbox.
Graphics-Tools – create paintings and sketches with a wide variety of brushes.
Graphics-Tools – Picnik is offline but PicMonkey is an even better image editor.
Graphics-Tools – an excellent layer-based online image editor.
Graphics-Tools – create timelines with audio, video and images.
Graphics-Video – record movies of your desktop and send them straight to YouTube.
Graphics-Video – make a movie out of your images, audio and video clips.
Lookup – a search engine for RSS feeds.
Lookup - Look at web sites at a specific point in time. The Wayback Machine
Lookup – find the technology stack to know everything about a website.
Lookup – get RSS feeds as an email newsletter.
Lookup – you can ask or answer personal questions here.
Lookup – see your past searches, also among most important Google URLs
Lookup – helps you search domains across all TLDs.
Lookup – when your friends are too lazy to use Google on their own.
Lookup – when you need to find the name of a song.
Lookup – discover new sites that are similar to what you like already.
Lookup – use email on your phone to find sports scores, read Wikipedia, etc.
Lookup – the best place for searching web videos.
Mapping – create custom Google Maps easily.
Reference – track the status of any shipment on Google Maps – alternative.
Reference – design from scratch or re-model your home in 3d.
Reference – the site lets you download free Kindle books.
Reference – pick random numbers, flip coins, and more.
Reference – find definitions of slang and informal words.
Reference – gets answers directly without searching
Reference-Travel – Track flight status at airports worldwide.
Reference-Travel – consult this site before choosing a seat for your next flight.
Services – hire people to do little things for $5.
Time-Date  – a simple online timer for your daily needs.
Time-Date – a less confusing view of the world time zones.
Time-Date  – find the local time of a city using Google Maps.
Time-Date – planning an event? Find a date that works for all.
Verification – research a website from the SEO perspective.
Verification – find if that email offer you received is real or just another scam.
Web Site Tools  – check the trust level of any website.
Web Site Tools  – if a site is down due to heavy traffic, try accessing it through coral CDN.
Web Site Tools – create a temporary web page that self-destructs.
Web Site Tools – find if your favorite website is offline or not?
Web Site Tools – find the other websites of a person with reverse Analytics lookup.
Web Site Tools – the perfect tool for measuring your site performance online.
Web Site Tools – create a free and simple website using your Dropbox account.
Web Site Tools  – find the web host of any website.
Workflow – create a connection between all your online accounts.